chmod / ATTRIB issue.

B.V.Dean B.V.Dean at ukc.ac.uk
Tue Jan 9 13:53:21 GMT 2001 

--------

I posted some code modifications recently to handle an issue with chmod POSIX 
compliance and ATTRIB's behaviour.

On Windows NT (and other MS-OSes I suspect are the same), a user can issue the 
commend:

	ATTRIB +A file.txt

To turn on the DOS archive bit of a file. This succeeds if the user has write 
access to the file, ie always for DOS/Windows/WIndows 9x, and works on Windows 
NT/2000 if the user has ChangePermissions permission granted.

If the file lives on a SAMBA share and it's permissions are:

-rw-rw--- root	group	file.txt

and user is in group, the ATTRIB fails. The reason for this is that the ATTRIB 
maps to a chmod which only allows the owner of the file to change it's 
permissions. Unix has no conecpt of a "ChangePermissions" access right.

The same thing is true regarding the changing of a file's access or 
modification times using utime(2), which only allows the owner or the 
super-user to set a specific time.

My modifications to the samba 2.0.7 source shamelessly stole the code for the 
utime(2) workaround and made a chmod(2) workaround, allowing the SAMBA server 
to become root to do the chmod after testing that the user really did have 
write access to the file.

Is this functionality going to make it into the next release of SAMBA?

How can I make sure it does? This is crucial for me as it is the only way we 
can get Dreamwearver to work on our web server. As it is our recommended web 
editing tool and we moved away from NT to Unix to "improve" things, this has 
to work.

Comments are welcome.

The modifications I made are attached, mail me if you can't do attachments and 
i'll send you the mods.

I changed two files samba-2.0.7/source/param/loadparam.c and samba-2.0.7/source/smbd/dosmode.c


-------------- next part --------------
*** loadparm.c.orig	Mon Sep  4 11:27:17 2000
--- loadparm.c	Mon Sep  4 09:50:44 2000
***************
*** 360,365 ****
--- 360,366 ----
    BOOL bDosFiletimes;
    BOOL bDosFiletimeResolution;
    BOOL bFakeDirCreateTimes;
+   BOOL bDosMode;
    BOOL bBlockingLocks;
    BOOL bInheritPerms; 
    char dummy[3]; /* for alignment */
***************
*** 466,471 ****
--- 467,473 ----
    False, /* bDosFiletimes */
    False, /* bDosFiletimeResolution */
    False, /* bFakeDirCreateTimes */
+   False, /* bDosMode */
    True,  /* bBlockingLocks */
    False, /* bInheritPerms */
    ""     /* dummy */
***************
*** 865,870 ****
--- 867,873 ----
    {"dos filetime resolution",P_BOOL,P_LOCAL,&sDefault.bDosFiletimeResolution,   NULL,  NULL,  FLAG_SHARE|FLAG_GLOBAL},
    
    {"fake directory create times", P_BOOL,P_LOCAL,  &sDefault.bFakeDirCreateTimes, NULL,   NULL, FLAG_SHARE|FLAG_GLOBAL},
+   {"dos mode", P_BOOL,P_LOCAL,  &sDefault.bDosMode, NULL,   NULL, FLAG_SHARE|FLAG_GLOBAL},
    {"panic action",     P_STRING,  P_GLOBAL, &Globals.szPanicAction,     NULL,   NULL,  0},
  
    {NULL,               P_BOOL,    P_NONE,   NULL,                       NULL,   NULL, 0}
***************
*** 1404,1409 ****
--- 1407,1413 ----
  FN_LOCAL_BOOL(lp_dos_filetimes,bDosFiletimes)
  FN_LOCAL_BOOL(lp_dos_filetime_resolution,bDosFiletimeResolution)
  FN_LOCAL_BOOL(lp_fake_dir_create_times,bFakeDirCreateTimes)
+ FN_LOCAL_BOOL(lp_dos_mode,bDosMode)
  FN_LOCAL_BOOL(lp_blocking_locks,bBlockingLocks)
  FN_LOCAL_BOOL(lp_inherit_perms,bInheritPerms)
  
-------------- next part --------------
*** dosmode.c.orig	Mon Sep  4 11:27:30 2000
--- dosmode.c	Mon Sep  4 09:57:55 2000
***************
*** 187,192 ****
--- 187,196 ----
    mode_t tmp;
    mode_t unixmode;
  
+   SMB_STRUCT_STAT sb;
+   extern struct current_user current_user;
+   int ret = -1;
+ 
    if (!st) {
      st = &st1;
      if (dos_stat(fname,st)) return(-1);
***************
*** 225,231 ****
      unixmode |= (st->st_mode & (S_IWUSR|S_IWGRP|S_IWOTH));
    }
  
!   return(dos_chmod(fname,unixmode));
  }
  
  
--- 229,260 ----
      unixmode |= (st->st_mode & (S_IWUSR|S_IWGRP|S_IWOTH));
    }
  
!   if(lp_dos_mode(SNUM(conn))) {
!     /* We want DOS semantics, ie allow non owner with write permission to change the
!        bits on a file. Just like file_utime below.
!     */
!     if(dos_stat(fname,&sb) != 0)
!       return -1;
!   
!     /* Check if we have write access. */
!     if (CAN_WRITE(conn)) {
!   	  if (((sb.st_mode & S_IWOTH) ||
!   	       conn->admin_user ||
!   	       ((sb.st_mode & S_IWUSR) && current_user.uid==sb.st_uid) ||
!   	       ((sb.st_mode & S_IWGRP) &&
!   		in_group(sb.st_gid,current_user.gid,
!   			 current_user.ngroups,current_user.groups)))) {
!   		  /* We are allowed to become root and change the filetime. */
!   		  become_root(False);
!   		  ret = dos_chmod(fname, unixmode);
!   		  unbecome_root(False);
!   	  }
!     }
!   
!     return( ret );
!   } else {  
!     return(dos_chmod(fname,unixmode));
!   }
  }
  
  
-------------- next part --------------
Barry Dean
Senior Computing Officer

More information about the samba-technical mailing list